20/155: download: Protect against dangling symlinks in $SSL_CERT_DIR.
From: John Darrington
Subject: 20/155: download: Protect against dangling symlinks in $SSL_CERT_DIR.
Date: Wed, 21 Dec 2016 20:48:30 +0000 (UTC)
jmd pushed a commit to branch wip-installer
in repository guix.
commit bafbf73cd3c6ed3e3003cc91c214f3a1ca0721fd
Author: Ludovic Courtès <address@hidden>
Date: Fri Dec 16 18:00:01 2016 +0100
download: Protect against dangling symlinks in $SSL_CERT_DIR.
Reported by Christopher Baines <address@hidden>
in <https://bugs.gnu.org/25213>.
* guix/build/download.scm (make-credendials-with-ca-trust-files): Check
whether FILE exists before calling
'set-certificate-credentials-x509-trust-file!'.
---
guix/build/download.scm | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/guix/build/download.scm b/guix/build/download.scm
index 8e32b3d..203338b 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -289,9 +289,12 @@ DIRECTORY. Those authority certificates are checked when
(string-suffix? ".pem" file)))
'())))
(for-each (lambda (file)
- (set-certificate-credentials-x509-trust-file!
- cred (string-append directory "/" file)
- x509-certificate-format/pem))
+ (let ((file (string-append directory "/" file)))
+ ;; Protect against dangling symlinks.
+ (when (file-exists? file)
+ (set-certificate-credentials-x509-trust-file!
+ cred file
+ x509-certificate-format/pem))))
(or files '()))
cred))
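Review bot: the `(when (file-exists? file) ...)` guard drops a dangling entry without any diagnostic, so a user whose $SSL_CERT_DIR is full of broken links ends up with an empty or partial trust set and only sees a later certificate verification failure. Consider writing a warning that names the skipped path to the error port. The guard also covers only the missing-target case: an entry that exists but cannot be read or parsed still reaches `set-certificate-credentials-x509-trust-file!`, and there is a window between the check and the call, so catching the error around the call itself would handle all of these in one place. A smaller point: the inner `let` rebinds `file`, shadowing the lambda parameter of the same name; a distinct name for the joined path would make it easier to see which value is being tested.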